Roku Has Posted Source Code for the Netflix Player; Hacking Begins

Certain components of the software included with the Netflix Player by Roku are subject to separate license terms, including "free" or "open source" software ("Separately Licensed Code"). As required by the terms of the relevant Separately Licensed Code licenses, Roku makes the "free" and "open source" code provided under such licenses, and Roku's modifications to such code, available on Roku's website, at no charge.

The source code files referenced on this page have been provided under one or more open source licenses. The source code listed here is complete to the best of Roku's knowledge. If you believe any additional source code files should be provided under the applicable open source license, please contact us at [email protected] and provide in detail the product or code module in question. Roku, Inc. is committed to meeting the requirements of the open source licenses including the GNU General Public License (GPL) and will make all required source code available on its website.

There is one interesting caveat to rolling your own Player: "This product is protected by certain intellectual property rights of Microsoft Corporation. Use or distribution of such technology outside of this product is prohibited without a license from Microsoft or an authorized Microsoft subsidiary."

It took a bit longer that I expected for the hackers to get into the Linux-based device. Mbaily on the Roku forums figured out how to telnet into the Netflix Player:

nmap showed port 8080 was open;

Code:
$ nmap [IP]

telnetted to 8080, but no response.

used nmaps scan version flag to yell at the socket with random version detection stuff and got:

Code:
$ nmap -sV -p8080 [IP]

Starting Nmap 4.53 ( http://insecure.org ) at 2008-06-12 14:45 PDT
Interesting ports on [IP]:
PORT STATE SERVICE VERSION
8080/tcp open http-proxy?
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
SF-Port8080-TCP:V=4.53%I=7%D=6/12%Time=485198E6%P=i686-pc-linux-gnu%r(NULL
SF:,89,"Welcome\x20to\x20the\x20Frampton\x20Debug\x20Terminal\.\n\rType\x2
SF:0'help'\x20for\x20help\.\n\rESN\x20

I was then able to telnet to the ip port 8080 and get to that terminal from then on. I'm not sure why this enabled the debug terminal, but I'm guessing nmap must have sent some bits to it that switched it on.

Comments

I could be wrong, but I doubt this is "Source Code to the Netflix Player". As the notice says, it is the source code to the "free" or "open source" parts they used. In other words, Linux software that's already available.

I had the weirdest thing happen to me! i was supposed to get 2 movies on tuesday. one was alias season 5, and one was drillbit taylor
so i go outside to the mailbox and only one was in there
so today i go out there later in the day, and theres a netflix envelope in there, but its ripped open and has been taped with scotch tape, and so i think well maybe someone took it and put it back
or the post office riped it, and it got stuck somewhere, it was 2 days late
so i just opened it figure well it would be drillbit taylor right?its some movie called vitus

What good is hacking the Roku player or virtualizing the platform? Right now, you can play Netflix and Amazon on demand offerings on ANY pc that can browse the internet. Virtualizing the Roku platform won't provide anything new. The benefit of Roku is it's various multimedia interfaces, ease of use, and HD capabilites. It's a hardware offering.

I'd like to see it hacked so I could stream my own collection of videos to the tiny little Roku box instead of my big ol' heavy Samsung DVR (which is LOUD and HOT - comparison to Roku). The form factor of the Roku is great for tacking on the side of the tubed box (old CRT TV...) I use for viewing.

also @ mike - you can't play Netflix on ANY pc, you have to have Windows XP service pack 2 or higher. We have one machine running Windows 2000 and 3 running Ubuntu and I can't watch any Netflix movies instantly. A linux player would be awesome.

i like this part of the post:"t took a bit longer that I expected for the hackers to get into the Linux-based device. Mbaily on the Roku forums figured out how to telnet into the Netflix Player:" is very good

The reason the Roku set-top box works is because of the video chip they use natively decodes the DRM, the fact that it is running Linux is most likely to keep their costs down - so it's not a software issue as much as it is a hardware issue. They are using an NXP chip.

Keep up with your good articles,and I will follow your steps.and now I have some good prodcuts about Air force ones for you,and hope you will have a look it,the way is easy to link my name and see them.they are good for you as well.